3 matches found
Attacker can steal CrossDomainMessenger and OptimismPortal token balances or tokens of anyone give approval for those contracts
Lines of code Vulnerability details Impact Contracts CrossDomainMessenger and OptimismPortal are part of the bridge protocol and they are responsible for sending messages between two network. they both call arbitrary address with arbitrary data that user specified and it would give attacker to...
Possible loss of funds when withdrawing from L2 to L1
Lines of code Vulnerability details Impact Context To initiate a withdrawal from L2 to L1, a user can call L2EthToken.withdraw method, then funds will be available to calim on L1 via finalizeEthWithdrawal method of MailboxFacet. function withdrawaddress l1Receiver external payable override The...
Sending L2 ---> L1 message without paying gas for published data due to uint256 overflow
Lines of code Vulnerability details Impact Due to this bug, a user can send arbitrarily long messages greater than a certain length from L2 to L1 without paying for the gas that is required for publishing data on L1. Proof of Concept Below is a PoC contract called "Test" that illustrates the bug...